Office 365 Compliance

In Asia, it takes a lot of faith for businesses to have their data hosted out side of their own property. Common questions business owner will ask when it comes to cloud hosting are things like how their data is secured and who can see their data.

Vendors like Microsoft and Amazon can make all kinds of claims, but in the end, assurance comes in the form of a third party certification.

Microsoft Office 365 cloud, which host my company’s email (Exchange), instant messaging (Lync) and documents (SharePoint), has a few certifications under it’s belt.

This blog post from the product team talks about how our compliance concern are handled professionally by Microsoft.

And if you care enough to find out more in details, there is a landing page for this here

But for layman like me, what does terms like ISO 27001 and HIPAA mean for me? So I found that this page explains the meaning of the certificates that Office 365 has

Because the list doesn’t provide links back to respective certification body, I provide a list here:

Health Insurance Portability and Accountability Act (HIPAA)

Federal Information Security Management Act (FISMA)

ISO 27001

European Union (EU) Model Clauses

U.S.–EU Safe Harbor framework

Family Educational Rights and Privacy Act (FERPA)

Statement on Standards for Attestation Engagements No. 16 (SSAE 16)

Canadian Personal Information Protection and Electronic Documents Act (PIPEDA)

Gramm–Leach–Bliley Act (GLBA)

If you read thru the detail, you will notice that some compliances are industry specific, as such health care (HIPAA) and financial services (GLBA). While I want to disclaim that I am not a legal professional but the Data Processing Agreements have pretty straight forward English. For most customers, a Data processing agreement with Microsoft will be covers generally the below few things.

1. Microsoft will not use your data other than to provide you the subscribed service

2. When you quit being their customer, you can extract your data before Microsoft is to delete them

3. Microsoft will not disclose your data to anyone except by law, but not without first notifying you about the law agency’s request

You can find a list of them Data Processing Agreement for Microsoft Online Services here.

Open XML SDK open sourced

OpenXML is the document forward used by Microsoft Office since Office 2007 on Word, Excel and PowerPoint. It carries an extra ‘X’ at the end of its extension i.e. docx, xlsx, pptx.

Microsoft also made available a SDK for developers to manipulate the documents without relying on Microsoft Office. Those who follow my blog would know back in 2008 to 2010 I wrote a few post on working with Office documents on the server side without depending on Microsoft Office.

Today Microsoft made the OpenXML SDK an open source project, you can read about this on Doug Mahugh’s blog post here. Or you can head straight to the github repository to download the SDK. 

Updated: Facing problem when upgrading SharePoint Online sites

When I upgraded a site collection to version 2013 recently, I notice all the pages with custom page layout cannot be edited anymore. We did a test run on our local SharePoint site with the same content but didn’t run into this problem.

One thing pretty funny is, all SharePointers will know that SharePoint 2013 assemblies are version 15. But I noticed the version of custom page layouts on my SharePoint Online site are now version I checked the version of my SharePoint Online site by navigating to and it shows also version


We have not find the solution to this, so wait for further posts on how to fix this.


Update: 1 day later, the site where the pages cannot be updated works perfectly without me doing anything. Could it because SharePoint Online migration actually will take a longer time beyond the ‘OK’ status.

Opinion on hackathons in Malaysia

The Star columnist Gabey Goh asked me recently about my opinion on hackathon scene in the country. I gave her some feedback and they were published on the Star paper here.

Patrick Yong, a tech entrepreneur and “Microsoft Most Valuable Professional” award winner also believes hackathons hold value, having organised a couple.

“I think it is more than just fun and each hackathon has its own agenda. The audience is a mix of entrepreneurs, students and some tech gods. What I have seen so far, it is a good networking venue for whatever agenda you have.

“I notice however, that the depth or quality of the work we see at local hackathons varies. We’ve see some very good products, to mostly just university-type projects that have no value. Nevertheless it gives newbies an experience.

“So it’s not the question of too many hackathons — in Malaysia we don’t see too many new faces. If over a year, you went to four or five, you may have met most of the attendees,” he added.